Assignment One

Post on 17-Jan-2016


Assignment One

• Due right NOW.

• Place your assignment on the table at the front of the room

AdminTrivia

• First Exam will be on September 27
• Exam will be Open Notes
• No electronic devices permitted
  – Cell phones off
  – Computers in their cases
  – PDAs off and in their cases
  – Anything else that can contain data or communicate off and out of reach

Spyware and Adware

Basic Attack Types

Spyware

• Spyware can be considered a kind of Trojan horse software.

• Spyware software is distinguished by having a surveillance function.

Basic Attack Types

Spyware

• Various kinds of spyware may
  – Install a keylogger, which records users’ keystrokes, and can be used to get passwords.
  – Turn on webcams or microphones.
  – Record the web sites a user visits.

Basic Attack Types

Adware

• A variation on spyware, called adware, is typically installed with a user’s permission, usually as part of a legitimate software installation.

• The adware spyware is installed in addition to the desired software.

• Often the user authorizes this as part of the licensing agreement for the desired software.

Basic Attack Types

Adware

• Adware may reconfigure a user’s computer and web browser to display extra, unwanted advertisements.

• Like spyware, it may collect and report various data.

Module Twelve

Modern Attack Types

Modern Attack Types

Combination Attacks

• In reality, viruses, Trojan horses, spyware, etc. are not distinct from one another.

• For example, spyware may also
  – Introduce a backdoor into a user’s computer so the attacker can access it, or
  – Recruit the computer for a zombie network.

Modern Attack Types

Blended Threats

• Similarly, modern attacks often use the basic attacks we have described as building blocks.

• These building blocks are simple pieces the attackers combine to make more complex malware.

Modern Attack Types

Blended Threats

• These combined, complex, multi-pronged attacks are known as blended threats.
  – They have several different ways of taking over a computer.
  – Once in control, they have several different illicit activities.

A modern blended Threat

The W32.Spybot.KEG worm

Modern Attack Types

Blended Threats

• An example of a blended threat is the worm known as W32.Spybot.KEG.

• It combines several of the attack characteristics we have described.

Modern Attack Types

Blended Threats

• W32.Spybot.KEG has several ways of attacking a computer:
  – It has a list of 129 common passwords that it uses to attempt to access computers.
  – For example:
    • “123”
    • “access”
    • “changeme”
    • “password”
    • “qwerty”

Modern Attack Types

Blended Threats

• W32.Spybot.KEG has several ways of attacking a computer:
  – It checks for backdoor entry methods left by other, earlier attacks (e.g. Beagle, Sasser).

Modern Attack Types

Blended Threats

• W32.Spybot.KEG has several ways of attacking a computer:
  – It checks to see if a computer can be attacked using about a half dozen different buffer overflow vulnerabilities.

Modern Attack Types

Blended Threats

• Once W32.Spybot.KEG has control over a computer, it
  – Copies itself onto the compromised computer,
  – Attempts to attack other computers, and
  – Creates a back door channel for commands, turning the computer into part of a zombie network.

Modern Attack Types

Blended Threats

• The W32.Spybot.KEG zombie network computers can then receive commands to do (among other things)
  – Log keystrokes at the computer,
  – Eavesdrop on the local network,
  – Start a web or file server,
  – Capture screenshots and webcam images,
  – Launch Denial of Service Attacks.

Modern Attack Types

Blended Threats

• The W32.Spybot.KEG worm is typical of modern attacks.
• It shows how complex modern attacks are.
• And how flexible -
  – It has multiple ways to take over a computer, and
  – Once in control, has a wide variety of illicit activities it can do.

Attack Kits

Modern Attack Types

Attack Kits

• An important goal of legitimate software developers is to make it easier to write useful, bug-free computer code.

Modern Attack Types

Attack Kits

• This is also true in the world of attack software, where “kits” are available that let non-experts piece together custom-made attack programs.

Modern Attack Types

Attack Kits

• This is an important development.
• It allows amateur attackers (script kiddies) to mount attacks that they could not if they had to write the code themselves.

• This increases the number of attacks enormously.

Unit Two

Operating Systems

Operating Systems

Unit Outline

• Module 1: Operating System Basics
• Module 2: Attacking Operating Systems: Impersonation
• Module 3: Attacking Operating Systems: Exploits

Module One

Operating System Basics

Operating System Basics

Introduction

• A Computer’s Operating System typically does two major things.

1. It controls access to the various resources of the computer, and

2. It provides an interface - a way for the user to communicate with the computer.

Operating System Basics

Introduction

• From a computer security perspective, we are mostly interested in the first part:

1. It controls access to the various resources of the computer.

2. It provides an interface - a way for the user to communicate with the computer.

Operating System Basics

Resources

• The operating system is the computer program responsible for making the various parts of the computer available and useful to the user.

Operating System Basics

Resources

• For example, the magnetic data on a disk drive is available to the user as directories and files.

Operating System Basics

File Systems

• The way the computer organizes the disks, CDs, and other storage media as files and folders is known as the computer’s file system.

Operating System Basics

File Systems

• The design and maintenance of a file system is one of the operating system’s primary responsibilities.

Operating System Basics

Access

• In addition to presenting data as files and folders, the operating system is responsible for controlling access to the parts of the file system.

Operating System Basics

Access

• For instance, computers can have multiple users, and the computer has to ensure that users only access files, folders, etc. to which they have legitimate rights.

Operating System Basics

Access Control

• Here we begin to see how operating systems relate to security.

Operating System Basics

Access Control

• An operating system is responsible for ensuring that
  – A user cannot read or write files belonging to another user who wishes to keep them private.
  – A user cannot access sensitive files used to administer the computer, e.g. a file containing all the users’ password information.

Operating System Basics

Controlling Access

• Operating systems security can be thought of as simultaneously sharing and protecting the resources of the computers, such as:
  – Memory,
  – Input/Output devices,
  – Printers,
  – Programs,
  – Data, and
  – Networks.

Operating System Basics

Privileges and Permissions

• Controlling access to resources is done using the concepts of
  – Privileges, and
  – Permissions.

Operating System Basics

Privileges and Permissions

• Files, directories, and other resources on a computer have permissions associated with them.

• These permissions determine what privileges the various users on a computer have to read, write or otherwise access those resources.

Operating System Basics

Privileges and Permissions

• For example,
  – User A can set the permissions on most of her files and directories so that only she can read or write them.

Operating System Basics

Privileges and Permissions

• For example,
  – However, she may set up a directory, perhaps called Public, with permissions allowing anyone to read its contents.

Operating System Basics

Privileges and Permissions

• For example,
  – She might also set up a directory, called Dropbox, where others can put copies of files.

Operating System Basics

Privileges and Permissions

• The idea is that she can control the access others have over her files and folders.
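The private, Public and Dropbox arrangement described above, as an added example that is not part of the original slides. It assumes a POSIX system; the directory name Private and the mode values 700, 755 and 733 are assumptions of this example.

```python
import os
import stat
import tempfile

# Public and Dropbox are the names used on the slides; "Private" and the
# numeric modes are assumptions made for this example.
LAYOUT = {
    "Private": 0o700,  # only the owner may read, write or enter
    "Public": 0o755,   # anyone may list and read, only the owner may write
    "Dropbox": 0o733,  # anyone may add files, but cannot list what is there
}


def build_home(root):
    """Create User A's directories and set their permission bits explicitly."""
    for name, mode in LAYOUT.items():
        path = os.path.join(root, name)
        os.mkdir(path)
        os.chmod(path, mode)  # chmod ignores the process umask
    return root


def others_can(path):
    """Decode what users other than the owner and group may do with a directory."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    can_enter = bool(mode & stat.S_IXOTH)
    return {
        # The read bit lets other users list the names in the directory.
        "list": bool(mode & stat.S_IROTH),
        # Creating a file needs both write and search (execute) permission.
        "add_files": can_enter and bool(mode & stat.S_IWOTH),
    }


def audit(root):
    """Return the access other users have to each directory in the layout."""
    return {name: others_can(os.path.join(root, name)) for name in LAYOUT}


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as home:
        for name, access in audit(build_home(home)).items():
            print(f"{name:8} {access}")
```

With mode 733 anyone who can add a file to Dropbox can also delete files left by others; adding the sticky bit (mode 1733) restricts deletion to each file's owner and the directory's owner.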

Operating System Basics

Privileges and Permissions

• The operating system enforces these permissions and privileges.
• Whenever a user requests access to a file or directory, that request goes through the operating system, which checks to see if the user has permission to access that file before it is granted.

Operating System Basics

Administrative Users

• Most operating systems recognize a distinction between the privileges of ordinary users, and one or more users that are allowed to administer the computer.
• This prevents ordinary users from accessing critical system functions
  – Prevents accidentally damaging the system
  – Limits the damage done if an ordinary user’s account is compromised

Operating System Basics

Administrative Users

• These administrative users, known as Superusers, Admins, or Root, have complete control over the machine.
  – Read and modify any user’s files
  – Control any system resource
  – Create and destroy file systems on disks
  – Control network access to the machine

Administrative Users

• Very attractive to hackers to become the Administrative User on a machine

• Most modern operating systems have ways of distributing administrative functions over other users
  – Called roles
  – Often, “root” or “admin” logins disallowed

Attacking Operating Systems: Impersonation

Authentication

• In order to have accounts for individual users, there must be methods to ensure that only the authorized people can use the accounts.

• The methods to do this are known as authentication.

• This is especially important for administrator accounts.

Attacking Operating Systems: Impersonation

Passwords

• There are many different ways of authenticating users.
• The most common method is user IDs and passwords.
• A user ID is the identifier for the user (typically a variation on their name or role).
• A password is some sequence of characters (e.g. a word or phrase, a word-like nonsense sequence, a random sequence of keyboard characters).

Attacking Operating Systems: Impersonation

Password Problems

• However, passwords are often an insecure method of authentication.
• For example, users often
  – Don’t change passwords given them to start an account, or those provided with a new computer or software package

Attacking Operating Systems: Impersonation

Password Problems

• However, passwords are often an insecure method of authentication.
• For example, users often
  – Choose passwords that are easy to guess (c.f. the list of passwords used by the W32.Spybot.KEG worm)

Attacking Operating Systems: Impersonation

Password Problems

• An Internet search can easily find lists of common passwords.
• One such list is at http://geodsoft.com/howto/password/common.htm

Attacking Operating Systems: Impersonation

Password Problems

• However, passwords are often an insecure method of authentication.
• For example, users often
  – Share them with others

Attacking Operating Systems: Impersonation

Password Problems

• However, passwords are often an insecure method of authentication.
• For example, users often
  – Leave them written down in insecure locations

Attacking Operating Systems: Impersonation

Password Problems

• However, passwords are often an insecure method of authentication.
• For example, users often
  – Use the same passwords for multiple accounts or uses

Attacking Operating Systems: Impersonation

Password Problems

• However, passwords are often an insecure method of authentication.
• For example, users often
  – Are willing to give them to people impersonating system administrators.

Attacking Operating Systems: Impersonation

Password Problems

• Because of these types of problems, passwords are an imperfect method of authentication.

Attacking Operating Systems: Impersonation

Password Problems

• In addition there are other problems with password authentication:
  – Eavesdropping or wiretapping to find passwords.

Attacking Operating Systems: Impersonation

Password Problems

• In addition there are other problems with password authentication:
  – Guest or anonymous accounts on computers with no password or easy to guess passwords.

Cracking Passwords

Attacking Operating Systems: Impersonation

Cracking Passwords

• There is a series of programs, L0phtcrack, that attempt to find all of the passwords on a computer system.

• How L0phtcrack and similar programs work shows how weak passwords can be exploited.

Attacking Operating Systems: Impersonation

Storing Passwords

• In general, computers do not store the actual user passwords on the computer.

Attacking Operating Systems: Impersonation

Storing Passwords

• Instead, they are encoded.
• The encoded versions are stored on the computer.
  – The encoded versions are called one-way hashes.

Attacking Operating Systems: Impersonation

Storing Passwords

• When a user types a password, it is
  – Encoded, and
  – Compared to the stored version.

• If the new and stored hashes match, the user is allowed access to the computer.

A Successful Password Match

A Failed Password Match
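The encode, store and compare procedure from the Storing Passwords slides, as an added example that is not part of the original slides. The per-user salt, the PBKDF2 function, the iteration count and the rejection of listed common passwords are assumptions added here; the slides only say that a one-way hash is stored and compared.

```python
import hashlib
import hmac
import os

# Constructed sample: the five weak passwords the slides quote from the worm's list.
COMMON_PASSWORDS = {"123", "access", "changeme", "password", "qwerty"}
ITERATIONS = 200_000  # assumed work factor; each guess costs this many hash rounds


def hash_password(password, salt=None):
    """Return (salt, digest); only these two values are stored, never the password."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return salt, digest


def set_password(store, user, password):
    """Refuse passwords on the common list, otherwise store the salted hash."""
    if password.lower() in COMMON_PASSWORDS:
        return False
    store[user] = hash_password(password)
    return True


def verify_password(store, user, attempt):
    """Encode the attempt with the stored salt and compare in constant time."""
    if user not in store:
        return False
    salt, stored = store[user]
    _, candidate = hash_password(attempt, salt)
    return hmac.compare_digest(candidate, stored)


def demo():
    """Run the successful-match and failed-match cases on a constructed store."""
    store = {}
    phrase = "correct horse battery staple"  # constructed sample password
    return {
        "weak_rejected": not set_password(store, "alice", "changeme"),
        "alice_stored": set_password(store, "alice", phrase),
        "bob_stored": set_password(store, "bob", phrase),
        "match": verify_password(store, "alice", phrase),
        "wrong_rejected": not verify_password(store, "alice", phrase + "!"),
        # Same password, different salts: the stored hashes differ.
        "hashes_differ": store["alice"][1] != store["bob"][1],
    }


if __name__ == "__main__":
    print(demo())
```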

Attacking Operating Systems: Impersonation

Attacking Passwords

• This method is more secure than storing a list of actual passwords on the computer.

Attacking Operating Systems: Impersonation

Attacking Passwords

• However, if an attacker can read the list of hashes, they can often use them to find the original passwords.

Attacking Operating Systems: Impersonation

Attacking Passwords

• Modern computers are fast enough that attackers can try a brute force approach.

• A brute force approach consists of trying all possible passwords.
  – More or less.

Attacking Operating Systems: Impersonation

Brute Force

• The brute force approach is very simple.
• For each guess at a password, generate its hash.
  – If it matches the stored hash, the attacker now knows that password.
  – If it does not match, try the next guess.

Module Two

Attacking Operating Systems: Impersonation

Attacking Operating Systems: Impersonation

Introduction

• One of the goals of attackers is to gain administrative access to computers.

• This allows them to access all of the files and other resources on those systems.

• This access gives them almost absolute control of a computer and any information on it.

Attacking Operating Systems: Impersonation

Ways of Attack

• There are two primary ways for an attacker to get administrative access to a computer
  – Impersonation,
  – Exploit weaknesses in the operating system.

Attacking Operating Systems: Impersonation

Passwords

• Passwords are a common authentication method because
  – It is low-cost
    • The software to compare passwords is well-known and easy to implement.
    • Users can change their own passwords, minimizing overhead.
  – It is relatively convenient
    • Users can memorize their passwords, or keep a copy in a secured location.
    • There is no extra hardware used in authentication.
